Given the increasing concerns about the security of health systems and payers’ stores of patient data and cost of cyber attacks, Verizon’s inaugural Protected Health Information Data Breach Report is well timed. The director of Verizon’s RISK Team (Research Investigations Solutions and Knowledge) and a co-author of the report, Bryan Sartin, shared some of the report’s findings, notably that 90 percent of industries had experienced protected health information data breaches.
At the Connected Health conference, he revealed that it had investigated 1,931 incidents affecting 392 million records in 25 countries. Yet, Sartin noted that the techniques and the people behind them weren’t nearly as mysterious as people tend to believe.
“People assume cybersecurity attacks are so sophisticated….but the majority of cybersecurity attacks in health fall into one of three buckets.”
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
He noted that PHI breaches stand out from other types of cybersecurity breaches in that the percentage of incidents that were inside jobs is equal to external threats to the businesses. They can also be caused by things such as sending an email to the wrong person
The report defined PHI as personally identifiable health information on an individual covered by one of the state, federal or international data breach disclosure laws.
The report’s lead author, Suzanne Widup, said in a statement: “What makes our findings even more troubling is that many sectors – especially those outside of the healthcare industry – aren’t even aware that they hold [protected health information]. The ramifications of stolen medical information can have significant consequences for the safety and well-being of the patient.”
When the full report is released next month, it will detail and examine how PHI breaches affect doctor-patient relationships, how they are happening, the length of time it takes to discover these breaches and ways to reduce risk.
There are a few cybersecurity startups to identify unauthorized electronic medical record access and breaches, such as Maize Analytics, Secure Healing, Haystack Informatics, and Protenus.
Photo: Free Digital Photos